Major Browsers Block Kazakhstan Government's Fake Safety Cert | Cybersecurity

Google, Mozilla and Apple on Wednesday blocked a fake root certificate issued by Kazakhstan's government to spy on its citizens' online activities.

The government instructed citizens to install the certificate on all of their devices, and it provided separate instructions for Android, iOS, Chrome, Firefox, and Internet Explorer Web browsers, according to F5 Labs.

When those who installed the certificate attempt to access a website using Chrome, Firefox or Safari, they now will see an error message stating that the "Qaznet Trust Network" certificate should not be trusted.

Google has added the certificate to CRLSet and will block it in other Chromium-based browsers, according to Andrew Whalley, Chrome Security.

"We believe this is the appropriate response because users in Kazakhstan are not being given a meaningful choice over whether to install the certificate and because this attack undermines the integrity of a critical network security mechanism," said Mozilla Certification Authority Program Manager Wayne Thayer.

Apple reportedly also has taken action to ensure Safari does not trust the certificate.

Redmond Silent

Microsoft has not said anything publicly about the issue.

"The Certificate Authority in question is not a trusted CA in our Trusted Root Program," a Microsoft spokesperson said in a statement provided to TechNewsWorld by company rep Katie Schick.

Microsoft "likely has a number of large contracts with the government, and they are typically far more exposed if a government wants to go after them, so they tend to be far more cautious," suggested Rob Enderle, principal analyst at the Enderle Group.

Apple and Google do not have much of a presence in government, he told TechNewsWorld.

Good Intentions?

The fake root certificate let the Kazakhstan government access citizens' online traffic, circumventing encryption, through a man-in-the-middle (MITM) attack.

The fake certificate decrypts traffic and encrypts it with its own key before forwarding the traffic to its destination, Censored Planet found.

The aim was to protect Kazakhstan's users from cyberthreats, according to government officials.

The fake certificate has to be installed manually because browsers do not trust it by default.

Censored Planet first observed the interception of online traffic through the certificate's mechanism July 17 and began tracking it July 20. The interception was not continuous, starting and stopping several times.

Detecting the Attack

Censored Planet detected the attack using a technique called "HyperQuack," which involves connecting to TLS servers and sending handshakes that contain potentially censored domains in the server name indication (SNI) extension.

If the response differs from a normal handshake response, the domain is marked as potentially censored.

At least 37 domains were affected:

google.com, docs.google.com, mail.google.com and other Google sites; youtube.com; android.com and related Android sites; instagram.com and related Instagram sites; twitter.com; and various Facebook sites.

Connections were intercepted only if they followed a network path that passed the interception system, Censored Planet found.

However, interception occurred regardless of the direction the connection took along the path. That allowed interception behavior to be triggered from outside Kazakhstan by making connections to TLS servers inside the country.
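The comparison described above, as an added example that is not Censored Planet's HyperQuack code: it records the certificate a server returns for control names, then flags test names whose handshake response differs. The server address, control names, fingerprints and all function names are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl


def observe(server, sni, port=443, timeout=5.0):
    """Handshake with `server` while sending `sni`; summarise the response.

    Returns "cert:<sha256 of the leaf DER>" or "error:<exception class>".
    Validation is off on purpose: the goal is to record whatever certificate
    is presented, trusted or not, and compare it with the control responses.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((server, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                der = tls.getpeercert(binary_form=True)
    except OSError as exc:  # covers ssl.SSLError, resets and timeouts
        return "error:" + type(exc).__name__
    if not der:
        return "error:NoCertificate"
    return "cert:" + hashlib.sha256(der).hexdigest()


def build_template(control_outcomes):
    """The server's normal response: usable only if every control agrees."""
    distinct = set(control_outcomes)
    if len(distinct) != 1:
        return None
    outcome = distinct.pop()
    return outcome if outcome.startswith("cert:") else None


def classify(template, outcome):
    """Compare one test response with the server's normal response."""
    if template is None:
        return "unusable-server"        # no stable baseline to compare with
    if outcome == template:
        return "consistent"
    if outcome.startswith("cert:"):
        return "different-certificate"  # candidate for an injected certificate
    return "handshake-disrupted"        # reset, timeout or TLS alert


def scan(server, control_snis, test_snis, observe_fn=observe):
    """Classify each test SNI against the template built from control SNIs."""
    template = build_template([observe_fn(server, s) for s in control_snis])
    return {s: classify(template, observe_fn(server, s)) for s in test_snis}


# Constructed sample: replayed responses from one hypothetical server that
# hosts none of the names below (192.0.2.10 is a documentation address).
SERVER = "192.0.2.10"
CONTROL_SNIS = ["control-a.example", "control-b.example"]
TEST_SNIS = ["google.com", "youtube.com", "example.org"]
DEFAULT_CERT = "cert:" + "aa" * 32
SAMPLE = {
    "control-a.example": DEFAULT_CERT,
    "control-b.example": DEFAULT_CERT,
    "google.com": "cert:" + "bb" * 32,
    "youtube.com": "error:ConnectionResetError",
    "example.org": DEFAULT_CERT,
}


def replay(server, sni):
    """Stand-in for observe() that returns the constructed sample offline."""
    return SAMPLE[sni]


if __name__ == "__main__":
    for sni, verdict in scan(SERVER, CONTROL_SNIS, TEST_SNIS, replay).items():
        print(sni, verdict)
```

A "different-certificate" verdict is only a lead: the presented chain still has to be inspected to see which issuer signed it.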

Tempest in Teacup?

Censored Planet has two virtual private server (VPS) clients within Kazakhstan. They were able to access affected sites without any HTTPS interception, suggesting it was not universal.

Many clients do not receive the injected certificate even when connecting to domains known to be affected, the organization pointed out.

Certificates were found injected in about 1,600 of more than 6,700 TLS hosts accessed through one of Censored Planet's VPS clients, and only 459 of the TLS hosts when accessed from the United States.

Kazakhstan's government earlier this month said that a new security system being tested caused interruptions to Internet access for residents of the nation's capital of Nur-Sultan.

One third of all traffic in the city was inspected, the government said, adding that the tests were complete and citizens who had installed the National Certificate could delete it. Citizens would have to install it again if required.

The path to all the 1,600 servers passed through AS 9198 -- Kazakhtelecom, which holds a de facto monopoly on backbone infrastructure, and established Kazakhstan's Internet Exchange Point -- a peering center for domestic traffic, according to Freedom House.

If at First You Don't Succeed

The Kazakhstan government first tried to launch a fake CA attack in 2015.

It applied to become a trusted Certificate Authority (CA) in the Mozilla program, but the request was denied because Mozilla had evidence the government planned to intercept traffic by forcing users to install the root certificate in the bug.

The latest attack used a different bug. Kazakhstan described the attack as a test of its cybersystems.

Mozilla blocked the Qaznet certificate because some users already had installed it, and because the organization considered it likely that the government might rely on it again in the future.

If the government switches to a new certificate, Mozilla promised to take similar action to protect the security and privacy of Firefox users.

Browser makers previously have blocked digital certificates. In 2015, Google and Mozilla blocked all new digital certificates the China Internet Network Information Center (CNNIC) issued after a threshold date.

They took that action in response to unauthorized credentials issued for Gmail and other Google domains.

However, Microsoft restricted itself to issuing a security update, and Apple did not take any action against CNNIC.

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
